Project initiated by Nuxt lead Daniel Roe attracts wide support thanks to multiple issues with the official interface A new ...

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies ...

Security researchers at Noma Labs found a critical flaw in Context7, a widely used tool that feeds AI coding assistants ...

In our incident analysis, we examined more than 30,000 attacker dumps and tied the exposed secrets to 1,195 organizations worldwide, including banks, government bodies and large technology companies.

A sophisticated malware operation targeting software developers has expanded its reach by exploiting trusted extension ecosystems, with security researchers uncovering dozens of malicious packages ...

The open-source project npmx is used for fast searching of npm packages. It focuses on UX, displays vulnerability warnings, and offers a dark mode.

TypeScript 6.0 RC represents the final major release built on the current JavaScript-based compiler. The upcoming TypeScript 7.0 will use a Go-based native implementation for enhanced speed and memory ...

Are AGENTS.md files actually helping your AI coding agents, or are they making them stupider? We dive into new research from ETH Zurich, real-world experiments, and security risks to find the truth ...

Microsoft has updated Windows App Development CLI to v0.2, adding .NET support, manifest placeholders, and Microsoft Store ...

More OpenClaw security woes. Huntress researchers say bad actors convinced users to download a bogus installer for the AI personal assistant that deployed infostealers by hosting it in a malicious ...